[PATCH] pdb_ldap: Use lp_ldap_group_suffix

Michael Adam obnox at samba.org
Mon Jul 9 15:20:00 MDT 2012

Hi Christof,

Christof Schmitt wrote:
> The current code in pdb_ldap uses the generic ldap_suffix for all
> queries on the LDAP server. With this approach, the LDAP server
> has to look at all user, machine and group records for all
> queries. The attached patch changes the group queries to use the
> lp_ldap_group_suffix instead.
> I tried to also do the same for user and machine records, but
> user and machine records can use different suffixes and there is
> no easy way to distinguish between them. Querying both suffixes,
> user and machine, would defeat the goal of reducing the load on
> the LDAP server, so this patch only uses the group suffix.

Well, this is essentially the revert of

"Fix bug #6431 - local groups from 3.0 setups no longer found."
(Search for groups without group suffix, group suffix is only
used for new entries.)


So we can't simply revert that if we still want to
support older installations.

We could force the use of some form of "upgrade-provision" for
older installations.

Or we could add another option that triggers this use of the
group suffix.

More options? What do others think?

Best, Michael
